CSSLP Chapter 3 - Secure Software Design

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/100

flashcard set

Earn XP

Description and Tags

CSSLP Chapter 3 - Secure Software Design

Last updated 9:02 AM on 7/6/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

101 Terms

1
New cards
What causes the majority of software security issues?
Insecure or incomplete design.
2
New cards
What methods can be used for attack surface evaluation?
Threat models and misuse case modeling
3
New cards
What are the benefits to designing security into software?
Resiliency and recoverability. Quality, maintainability, less prone to errors. Minimal redesign and consistency. Addressed business logic flaws.
4
New cards
What is a business logic flaw?
A flaw where the software is operating as designed, but the design itself makes circumventing the security policy possible.
5
New cards
What is the difference between a flaw and a bug?
Flaws are design or architectural defects. Coding or implementation constructs that can cause a breach in security are bugs.
6
New cards
What is a semantic issue?
A logic flaw.
7
New cards
What are the core security elements?
Confidentiality, Integrity, Availability, Authentication, Authorization, and Auditing.
8
New cards
What are the types of cryptography?
Covert and Overt
9
New cards
What are the types of covert cryptography?
Steganography and digital watermarking
10
New cards
What are the types of overt cryptography?
Hashing and encryption
11
New cards
What are the types of encryption?
Symmetric and asymmetric
12
New cards
What is "work factor"?
In cryptanalysis, the amount of work required to defeat an algorithm.
13
New cards
What is the only provably unbreakable encryption?
The one time pad
14
New cards
Describe symmetric encryption.
It's characterized by using a single key for encryption and decryption that must be shared between the sender and receiver.
15
New cards
What is the benefit to symmetric key encryption?
It's fast and efficient.
16
New cards
What are the challenges to symmetric key encryption?
Key exchange and management require a secure, out-of-band mechanism. Scalability - need a unique key for each pair of sender/recipient. No nonrepudiation.
17
New cards
What kind of algorithm is RC-2?
Symmetric
18
New cards
What kind of algorithm is RC-4?
Symmetric
19
New cards
What kind of algorithm is RC-5?
Symmetric
20
New cards
What is the key size of DES?
56 bits
21
New cards
What is the key size of skipjack?
80 bits
22
New cards
What is the key size of IDEA?
128 bits
23
New cards
What is the key size of blowfish?
128 bits
24
New cards
What is the key size of 3DES?
168 bits
25
New cards
What is the key size of twofish?
256 bits
26
New cards
What is the key size of RC6?
256 bits
27
New cards
What is the key size of AES/Rijndael?
256 bits
28
New cards
What other term is used for nonrepudiation protection?
Proof-of-origin protection
29
New cards
What advantages does public key crypto have?
Key exchange is easier. Scalability - each user only needs 2 keys (public/private). Addresses nonrepudiation.
30
New cards
What is the disadvantage of public key crypto?
It's computationally intensive, so slower.
31
New cards
List common public key crypto algorithms.
RSA, El Gamal, Diffie-Hellman, Elliptic Curve Cryptosystem
32
New cards
What is Elliptic Curve Cryptosystem ideal for?
Small hardware devices such as smart cards and mobile devices.
33
New cards
What does a digital certificate include?
Public keys, algorithm information, owner and subject data, digital signature of the CA, and a validity date range.
34
New cards
What are the types of digital certificates?
Personal, Server, Software publisher
35
New cards
What should you use when copyright and IP protection are an issue?
Digital watermarking
36
New cards
What should you use if data confidentiality in processing, transit, storage, and archiving need to be assured?
Hashing or encryption.
37
New cards
What features can be used to assure integrity?
Hashing, Referential integrity, Resource locking, Code signing
38
New cards
What is a message digest (according to the book)?
The original message and its hash value.
39
New cards
What is collision free or collision resistance?
A property of hash functions where it is computationally infeasible to find two inputs that hash to the same value.
40
New cards
What does salting a hash do (according to the book)?
Improve collision resistance
41
New cards
What is a dictionary attack?
A brute force attack that attempts to thwart security mechanisms using an exhaustive list.
42
New cards
What are common hash functions?
MD2, MD4, MD5, SHA-[012].
43
New cards
Describe the MD series of hash functions.
All use a 128 bit output. Proven not to be collision resistant.
44
New cards
Describe the SHA family of hash functions.
SHA-[01] uses a 160 bit output. SHA-224 generates 256 bit output. SHA-256 generates 256 bit output. SHA-384 generates 512 bit output. SHA-512 generates 512 bit output. (Note: figures as recorded in the deck; some may need verification.)
45
New cards
Describe HAVAL.
HAVAL is a hash function with variable length output (128, 160, 192, 224, 256).
46
New cards
Which hash function is considered broken and no longer suitable for use?
MD5
47
New cards
What is referential integrity?
Ensuring that data is not left in an orphaned state.
48
New cards
What are cascading deletes?
A process that ensures referential integrity by deleting data from other tables when data is deleted in a table that references them if they share a common key.
49
New cards
What is resource locking?
Disallowing concurrent operations on an object.
50
New cards
What is deadlock?
A condition that can result from improper resource locking where multiple threads are all waiting for each other to release the object.
51
New cards
What is connection pooling?
A database access efficiency mechanism where a number of connections are cached for reuse.
52
New cards
What factors should be considered in authentication design?
SSO and multifactor authentication, as well as the type of authentication required as specified in the requirements docs.
53
New cards
Why can SSO have a large security impact?
Because credentials are only verified once.
54
New cards
What should you consider in Authorization design?
Impact on performance, separation of duties, least privilege.
55
New cards
What should auditing data include?
Who, What, Where, When
56
New cards
What is modular programming?
A software design technique in which the entire program is broken down into smaller subunits or modules.
57
New cards
What does it mean when a module is cohesive?
Each module is designed to perform one and only one logical operation.
58
New cards
What is the Single Responsibility Principle?
A software engineering principle related to modularity. Each code unit should only do one thing and have one purpose.
59
New cards
What is coupling?
Coupling is a reflection of the degree of dependencies between modules, i.e., how dependent one module is to another.
60
New cards
How should modules be with respect to cohesion and coupling?
They should be highly cohesive and loosely coupled.
61
New cards
How should modules be with respect to cohesion and coupling?
They should be highly cohesive and loosely coupled.
62
New cards
What is separation of duties?
Compartmentalizing software functionality into two or more conditions, all of which must be satisfied before an operation can complete. Split cryptographic keys, for example.
63
New cards
What is defense in depth?
Also called layered defense. Using multiple layers of controls such that a single vulnerability does not result in a compromise.
64
New cards
What is "fail secure"?
A security principle that ensures that the software reliably functions when attacked, and is rapidly recoverable into a normal business and secure state in the event of design or implementation failure.
65
New cards
What does "fail secure" preserve?
Resiliency.
66
New cards
What is resiliency?
Confidentiality, integrity, availability
67
New cards
What is economy of mechanism?
A secure design principle which states that the more complex the design of the software, the more likely there are vulnerabilities. Simpler is generally more secure.
68
New cards
What considerations should we keep in mind with respect to economy of mechanism?
Avoid unnecessary functionality or unneeded security mechanisms. Strive for simplicity. Strive for operational ease of use.
69
New cards
What is complete mediation?
A security principle that states that access requests need to be mediated each time, every time, so that authority is not circumvented in subsequent requests.
70
New cards
Other thing about complete mediation:
In the design phase, identify all possible code paths that access privileged and sensitive resources. The design must require the code paths to use a single interface that performs access control checks before performing the requested operation.
71
New cards
What is Kerckhoff's principle?
All information about a cryptosystem except the key should be public, and the security of the cryptosystem is dependent on the secrecy of the key.
72
New cards
What is hardcoded credentials in source code an example of?
Security through obscurity.
73
New cards
What are the principles of open design?
The security of software should not be dependent on the secrecy of the design. Security through obscurity should be avoided. Design of protection mechanisms should be open for scrutiny by members of the community.
74
New cards
What is Least Common Mechanisms?
The security principle by which mechanisms common to more than one user or process are designed not to be shared.
75
New cards
What is psychological acceptability?
The security principle that states that security mechanisms should be designed to maximize usage, adoption, and automatic application.
76
New cards
What features should security controls have to promote psychological acceptability?
Be easy to use. Do not affect accessibility. Be transparent to the user.
77
New cards
What are the benefits of using tested and proven existing libraries and common components?
The attack surface is not increased (you're already using the code). No new vulnerabilities are introduced. Can also increase productivity.
78
New cards
What is unmanaged code?
Code that isn't managed by any runtime environment; is compiled to native code that will execute only on the processor architecture it's compiled for; memory allocation is not managed and pointers can be manipulated; requires developers to write routines to check memory allocation, array bounds, etc.
79
New cards
What is managed code?
Code that is not directly executed by the OS, but is managed by a run-time environment; is not compiled into native code, but into an Intermediate Language (IL); not generally susceptible to buffer overflows or format string vulnerabilities; has relatively shorter development time because memory management, exception handling, bounds checking, garbage collection, and type safety checking are automatically handled by the runtime environment.
80
New cards
What is an inference attack?
Gleaning sensitive information about the database from presumably hidden and trivial pieces of information using data mining techniques without directly accessing the database.
81
New cards
What is an aggregation attack?
An attack where information at different security classification levels, which are primarily nonsensitive in isolation, end up becoming sensitive information when pieced together as a whole.
82
New cards
What is polyinstantiation?
Polyinstantiation means that there exist several instances (or versions) of the database information, so that what is viewed by a user is dependent on the security clearance or classification level attributes of the requesting user.
83
New cards
What are the two ways to accomplish database encryption?
Native DBMS encryption; Cryptographic resources outside the database.
84
New cards
What is TDE?
Transparent Database Encryption. Cryptographic operations on a database that are transparent to the application layer. Can have substantial performance impact.
85
New cards
What is the primary weakness to using native DBMS encryption?
The key is stored in the database.
86
New cards
What is normalization?
A formal technique to organize data so that redundancy and inconsistency are eliminated.
87
New cards
What is first normal form?
No Repeating Groups or fields in a table, e.g. fields with multiple values.
88
New cards
What is second normal form?
No duplicates / eliminate redundant data. Also informally the "eliminate non key-dependent duplicate data" rule.
89
New cards
What is third normal form?
Data not dependent on the primary key of the table must be eliminated and stored in its own table.
90
New cards
What is the drawback to database normalization?
Performance degradation
91
New cards
What is denormalization?
Decreasing the normal form of a database deliberately, usually for performance reasons.
92
New cards
What is a trigger?
A special type of procedure that is automatically executed upon the occurrence of certain conditions within the database.
93
New cards
What is a database view?
A customized presentation of data that may be held in one or more physical tables (base tables) or another view itself. A virtual table.
94
New cards
What is DML?
Database Manipulation Language (INSERT, UPDATE, DELETE, etc).
95
New cards
What is a SMI?
A Security Management Interface. An interface used to manage the security of the software itself. Administrative. High level of privilege.
96
New cards
Why is it important to secure SMIs?
They typically run at high privilege levels.
97
New cards
What controls should be used for SMIs?
Avoid remote connectivity and administration. Employ data protection in transit, using channel security protection measures (SSL, IPSec). Use least privilege accounts and RBAC.
98
New cards
What design processes need to be completed for secure software?
Attack surface evaluation, threat modeling, control identification and prioritization, documentation.
99
New cards
What is attack surface evaluation?
A software or application's attack surface is the measure of its exposure of being exploited by a threat agent, i.e., weaknesses in its entry and exit points that a malicious attacker can exploit to his or her advantage.
100
New cards
What is RASQ?
Relative Attack Surface Quotient